Add mod_python adapter and some UI tuning

2025-02-25 18:55:28 -06:00 · 2009-10-26 05:16:18 -06:00
parent 23b800a879
commit c4b7b70636
7 changed files with 242 additions and 70 deletions
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -11,30 +11,6 @@ PythonImport ipaserver main_interpreter
 # This is required so the auto-configuration works with Firefox 2+
 AddType application/java-archive        jar

-<ProxyMatch ^.*/ipa/ui.*$$>
-  AuthType Kerberos
-  AuthName "Kerberos Login"
-  KrbMethodNegotiate on
-  KrbMethodK5Passwd off
-  KrbServiceName HTTP
-  KrbAuthRealms $REALM
-  Krb5KeyTab /etc/httpd/conf/ipa.keytab
-  KrbSaveCredentials on
-  Require valid-user
-  ErrorDocument 401 /ipa/errors/unauthorized.html
-  RewriteEngine on
-  Order deny,allow
-  Allow from all
-
-  RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e
-
-  # RequestHeader unset Authorization
-</ProxyMatch>
-
-# The URI's with a trailing ! are those that aren't handled by the proxy
-ProxyPass /ipa/ui http://localhost:8080/ipa/ui
-ProxyPassReverse /ipa/ui http://localhost:8080/ipa/ui
-
 # This is where we redirect on failed auth
 Alias /ipa/errors "/usr/share/ipa/html"

@@ -44,7 +20,8 @@ Alias /ipa/config "/usr/share/ipa/html"
 # For CRL publishing
 Alias /ipa/crl "/var/lib/pki-ca/publish"

-<Location "/ipa/xml">
+
+<Location "/ipa">
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate on
@@ -55,19 +32,39 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
  KrbSaveCredentials on
  Require valid-user
  ErrorDocument 401 /ipa/errors/unauthorized.html
+</Location>

+<Location "/ipa/xml">
  SetHandler python-program
  PythonInterpreter main_interpreter
  PythonHandler ipaserver::xmlrpc
-
  PythonDebug Off
-
  PythonOption IPADebug Off
-
-  # this is pointless to use since it would just reload ipaxmlrpc.py
+  PythonOption SCRIPT_NAME /ipa/xml
  PythonAutoReload Off
 </Location>

+<Location "/ipa/json">
+  SetHandler python-program
+  PythonInterpreter main_interpreter
+  PythonHandler ipaserver::jsonrpc
+  PythonDebug Off
+  PythonOption IPADebug Off
+  PythonOption SCRIPT_NAME /ipa/json
+  PythonAutoReload Off
+</Location>
+
+<Location "/ipa/ui">
+  SetHandler python-program
+  PythonInterpreter main_interpreter
+  PythonHandler ipaserver::webui
+  PythonDebug Off
+  PythonOption IPADebug Off
+  PythonOption SCRIPT_NAME /ipa/ui
+  PythonAutoReload Off
+</Location>
+
+
 # Do no authentication on the directory that contains error messages
 <Directory "/usr/share/ipa/html">
  AllowOverride None
@@ -112,7 +109,7 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
 #
 #  SetHandler mod_python
 #  PythonHandler test_mod_python
-#  
+#
 #  PythonDebug Off
 #
 #</Directory>